CEO Fraud

CEO Fraud is a type of phishing in which the attackers impersonate the boss of a company and trick employees into wiring funds to them.

CEO Fraud is usually achieved through one of these common four scenarios:

1- Someone impersonates the boss asking an employee to make a monetary transfer into a fraudster’s account.

2- Someone impersonates the IT services department of a bank saying they want to make a test transfer.

3- Someone claims to be a supplier that has changed their bank account details and asks for outstanding invoices to be paid into a new bank account.

4- Employees click on links within phishing emails containing malware which authorises many small payments to a fraudster’s account.

Example of CEO Fraud email:

Why CEO Fraud is so effective?

The CEO fraud is particularly dangerous because it can’t be easily detected by a spam filter. The email usually doesn’t include any links or attachments. It’s just a conversation between the spammer and the target person asking for sensitive information or an urgent action to be taken. Moreover, because the email appears to be coming from a trustworthy source, such as the boss or a very well-known vendor who is currently doing business with the company, the target staff member often feels pressured or at ease and doesn’t really question it.

The result of CEO fraud can be disastrous. The company can lose thousands of pounds as, most of the time, the funds cannot be recovered once they have left their account. Also, sensitive data can be stolen, compromising the privacy of thousands of clients and employees, threatening the reputation of the company and putting it at risk of legal prosecution. That’s why it’s very important for all employees to learn how to spot fraud emails and protect yourself and your company from such attacks.

How to protect yourself from CEO Fraud?

If you receive an email that urges you to send a wire transfer or sensitive data immediately, pay close attention to the email address it was sent from and also the reply address. These are likely to be different and the reply address in particular will probably be an external mailbox not connected to your business.

As with all spam, never click any links contained within the email. However, in this instance the perpetrator is more interested in starting a conversation with you in which they will try and persuade you to transfer a large sum of money to a particular bank account. Therefore, it is important to educate your finance team about CEO fraud and set up a privacy procedure through which any wire transfer or sharing of confidential data requires certain approvals and proper documentation before it’s initiated. For large wire transfers, request verbal approval or confirmation.

You should also protect all end points and key apps with multiple methods of identification (MFA) as the password-based security alone is no longer effective.

We appreciate it is not always easy to know exactly who has sent an email, particularly when you cannot physically see the sender. We therefore advise all companies to arrange a secret safe-word or password which can be provided to authenticate sensitive requests such as monetary transfers. This way, if you do end up in conversation with a suspected fraudster, this will prove if their request is legitimate.

If you have any further questions or need advice on identifying a suspect email,
please give our helpdesk a call on 0345 200 1185.

The first line of defence against online threats is vigilance and common sense!